//连接mysql
//1.引入mysql模块
const mysql = require('mysql');
//2.连接mysql服务器
/*
mysql.createConnection({
  host: '127.0.0.1',
  port: 3306,
  user: 'root',
  password: '',
  database: 'jd',
  charset: 'utf8'
});
*/
//使用连接池
var pool = mysql.createPool({
  host: '127.0.0.1',
  user: 'root',
  password: '',
  database: 'jd',
  connectionLimit: 10 //设置连接池的大小
});
//①使用连接池，执行sql语句
/*
pool.query('select*from emp',(err,result)=>{
  if(err){
    throw errow;
  }
  console.log(result);
});

//②使用连接池中连接执行sql语句
pool.getConnection((err,conn)=>{
  //conn就是获取的连接
  conn.query('select*from dept',(err,result)=>{
    console.log(result);
	//需要手动释放
	conn.release();
  });
});
*/
//sql注入
//用户表 user (uid uname upwd)
//登陆  admin  1234
//sql查询user表中是否有用户名为admin，密码为1234
//var $u = 'admin'
//var $p = '1234 or 1=1';
//select * from user where uname=admin and upwd=1234 or 1==1

//防止sql注入
/*
pool.query('update emp set salary=?,sex=? where eid=?',['18000','1','1'],(err,result)=>{
  console.log(result);
});

//使用mysql，往emp表中插入1条员工记录
pool.query(`insert into emp values(16,'jones',1,'1995-3-20',3000,20)`,(err,result)=>{
  console.log(result);
});

var deptObj = {did: 50, dname:'人事部'};
pool.query('INSERT INTO dept SET ?',deptObj,(err,result)=>{
  console.log(result);
});

//练习：使用防sql注入的形式，往emp中插入2条记录
// 在员工表中查询工资大于8000，并且为女性的员工
var empObj = {eid:17,ename:'kaka',sex:1,birthday:'1999-2-3',salary:4000,deptId:50};
pool.query('insert into emp set ?',empObj,(err,result)=>{
  console.log(result);
});*/
pool.query('select * from emp where salary>? and sex=?',['8000','0'],(err,result)=>{
  console.log(result);
});







